From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org
Cc: fam@euphon.net, "Peter Maydell" <peter.maydell@linaro.org>,
berrange@redhat.com,
"Richard Henderson" <richard.henderson@linaro.org>,
f4bug@amsat.org, stefanha@redhat.com, crosa@redhat.com,
pbonzini@redhat.com, "Alex Bennée" <alex.bennee@linaro.org>,
aurelien@aurel32.net
Subject: [PATCH v1 11/11] accel/tcg: re-factor plugin_inject_cb so we can assert insn_idx is valid
Date: Fri, 17 Sep 2021 17:23:32 +0100 [thread overview]
Message-ID: <20210917162332.3511179-12-alex.bennee@linaro.org> (raw)
In-Reply-To: <20210917162332.3511179-1-alex.bennee@linaro.org>
Coverity doesn't know enough about how we have arranged our plugin TCG
ops to know we will always have incremented insn_idx before injecting
the callback. Let us assert it for the benefit of Coverity and protect
ourselves from accidentally breaking the assumption and triggering
harder to grok errors deeper in the code if we attempt a negative
indexed array lookup.
However to get to this point we re-factor the code and remove the
second hand instruction boundary detection in favour of scanning the
full set of ops and using the existing INDEX_op_insn_start to cleanly
detect when the instruction has started. As we no longer need the
plugin specific list of ops we delete that.
My initial benchmarks shows no discernible impact of dropping the
plugin specific ops list.
Fixes: Coverity 1459509
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
---
v2/v3
- re-factor and drop the plugin_op/link approach
---
include/tcg/tcg.h | 6 --
accel/tcg/plugin-gen.c | 157 ++++++++++++++++++++++-------------------
2 files changed, 85 insertions(+), 78 deletions(-)
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index 44ccd86f3e..a7f6475348 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -492,9 +492,6 @@ typedef struct TCGOp {
/* Next and previous opcodes. */
QTAILQ_ENTRY(TCGOp) link;
-#ifdef CONFIG_PLUGIN
- QSIMPLEQ_ENTRY(TCGOp) plugin_link;
-#endif
/* Arguments for the opcode. */
TCGArg args[MAX_OPC_PARAM];
@@ -604,9 +601,6 @@ struct TCGContext {
/* descriptor of the instruction being translated */
struct qemu_plugin_insn *plugin_insn;
-
- /* list to quickly access the injected ops */
- QSIMPLEQ_HEAD(, TCGOp) plugin_ops;
#endif
GHashTable *const_table[TCG_TYPE_COUNT];
diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
index 88e25c6df9..f145b815c0 100644
--- a/accel/tcg/plugin-gen.c
+++ b/accel/tcg/plugin-gen.c
@@ -163,11 +163,7 @@ static void gen_empty_mem_helper(void)
static void gen_plugin_cb_start(enum plugin_gen_from from,
enum plugin_gen_cb type, unsigned wr)
{
- TCGOp *op;
-
tcg_gen_plugin_cb_start(from, type, wr);
- op = tcg_last_op();
- QSIMPLEQ_INSERT_TAIL(&tcg_ctx->plugin_ops, op, plugin_link);
}
static void gen_wrapped(enum plugin_gen_from from,
@@ -707,62 +703,6 @@ static void plugin_gen_disable_mem_helper(const struct qemu_plugin_tb *ptb,
inject_mem_disable_helper(insn, begin_op);
}
-static void plugin_inject_cb(const struct qemu_plugin_tb *ptb, TCGOp *begin_op,
- int insn_idx)
-{
- enum plugin_gen_from from = begin_op->args[0];
- enum plugin_gen_cb type = begin_op->args[1];
-
- switch (from) {
- case PLUGIN_GEN_FROM_TB:
- switch (type) {
- case PLUGIN_GEN_CB_UDATA:
- plugin_gen_tb_udata(ptb, begin_op);
- return;
- case PLUGIN_GEN_CB_INLINE:
- plugin_gen_tb_inline(ptb, begin_op);
- return;
- default:
- g_assert_not_reached();
- }
- case PLUGIN_GEN_FROM_INSN:
- switch (type) {
- case PLUGIN_GEN_CB_UDATA:
- plugin_gen_insn_udata(ptb, begin_op, insn_idx);
- return;
- case PLUGIN_GEN_CB_INLINE:
- plugin_gen_insn_inline(ptb, begin_op, insn_idx);
- return;
- case PLUGIN_GEN_ENABLE_MEM_HELPER:
- plugin_gen_enable_mem_helper(ptb, begin_op, insn_idx);
- return;
- default:
- g_assert_not_reached();
- }
- case PLUGIN_GEN_FROM_MEM:
- switch (type) {
- case PLUGIN_GEN_CB_MEM:
- plugin_gen_mem_regular(ptb, begin_op, insn_idx);
- return;
- case PLUGIN_GEN_CB_INLINE:
- plugin_gen_mem_inline(ptb, begin_op, insn_idx);
- return;
- default:
- g_assert_not_reached();
- }
- case PLUGIN_GEN_AFTER_INSN:
- switch (type) {
- case PLUGIN_GEN_DISABLE_MEM_HELPER:
- plugin_gen_disable_mem_helper(ptb, begin_op, insn_idx);
- return;
- default:
- g_assert_not_reached();
- }
- default:
- g_assert_not_reached();
- }
-}
-
/* #define DEBUG_PLUGIN_GEN_OPS */
static void pr_ops(void)
{
@@ -820,21 +760,95 @@ static void pr_ops(void)
static void plugin_gen_inject(const struct qemu_plugin_tb *plugin_tb)
{
TCGOp *op;
- int insn_idx;
+ int insn_idx = -1;
pr_ops();
- insn_idx = -1;
- QSIMPLEQ_FOREACH(op, &tcg_ctx->plugin_ops, plugin_link) {
- enum plugin_gen_from from = op->args[0];
- enum plugin_gen_cb type = op->args[1];
-
- tcg_debug_assert(op->opc == INDEX_op_plugin_cb_start);
- /* ENABLE_MEM_HELPER is the first callback of an instruction */
- if (from == PLUGIN_GEN_FROM_INSN &&
- type == PLUGIN_GEN_ENABLE_MEM_HELPER) {
+
+ QTAILQ_FOREACH(op, &tcg_ctx->ops, link) {
+ switch (op->opc) {
+ case INDEX_op_insn_start:
insn_idx++;
+ break;
+ case INDEX_op_plugin_cb_start:
+ {
+ enum plugin_gen_from from = op->args[0];
+ enum plugin_gen_cb type = op->args[1];
+
+ switch (from) {
+ case PLUGIN_GEN_FROM_TB:
+ {
+ g_assert(insn_idx == -1);
+
+ switch (type) {
+ case PLUGIN_GEN_CB_UDATA:
+ plugin_gen_tb_udata(plugin_tb, op);
+ break;
+ case PLUGIN_GEN_CB_INLINE:
+ plugin_gen_tb_inline(plugin_tb, op);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+ break;
+ }
+ case PLUGIN_GEN_FROM_INSN:
+ {
+ g_assert(insn_idx >= 0);
+
+ switch (type) {
+ case PLUGIN_GEN_CB_UDATA:
+ plugin_gen_insn_udata(plugin_tb, op, insn_idx);
+ break;
+ case PLUGIN_GEN_CB_INLINE:
+ plugin_gen_insn_inline(plugin_tb, op, insn_idx);
+ break;
+ case PLUGIN_GEN_ENABLE_MEM_HELPER:
+ plugin_gen_enable_mem_helper(plugin_tb, op, insn_idx);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+ break;
+ }
+ case PLUGIN_GEN_FROM_MEM:
+ {
+ g_assert(insn_idx >= 0);
+
+ switch (type) {
+ case PLUGIN_GEN_CB_MEM:
+ plugin_gen_mem_regular(plugin_tb, op, insn_idx);
+ break;
+ case PLUGIN_GEN_CB_INLINE:
+ plugin_gen_mem_inline(plugin_tb, op, insn_idx);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ break;
+ }
+ case PLUGIN_GEN_AFTER_INSN:
+ {
+ g_assert(insn_idx >= 0);
+
+ switch (type) {
+ case PLUGIN_GEN_DISABLE_MEM_HELPER:
+ plugin_gen_disable_mem_helper(plugin_tb, op, insn_idx);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+ break;
+ }
+ default:
+ g_assert_not_reached();
+ }
+ break;
+ }
+ default:
+ /* plugins don't care about any other ops */
+ break;
}
- plugin_inject_cb(plugin_tb, op, insn_idx);
}
pr_ops();
}
@@ -847,7 +861,6 @@ bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb, bool mem_onl
if (test_bit(QEMU_PLUGIN_EV_VCPU_TB_TRANS, cpu->plugin_mask)) {
ret = true;
- QSIMPLEQ_INIT(&tcg_ctx->plugin_ops);
ptb->vaddr = tb->pc;
ptb->vaddr2 = -1;
get_page_addr_code_hostp(cpu->env_ptr, tb->pc, &ptb->haddr1);
--
2.30.2
prev parent reply other threads:[~2021-09-17 16:37 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-17 16:23 [PATCH v1 00/11] testing and plugin pre-PR (configure, gitlab, plugins) Alex Bennée
2021-09-17 16:23 ` [PATCH v1 01/11] configure: don't override the selected host test compiler if defined Alex Bennée
2021-09-17 17:04 ` Warner Losh
2021-09-20 14:46 ` Ed Maste
2021-09-20 16:37 ` Alex Bennée
2021-09-17 16:23 ` [PATCH v1 02/11] tests/tcg/sha1: remove endian include Alex Bennée
2021-09-17 16:23 ` [PATCH v1 03/11] tests/tcg: move some multiarch files and make conditional Alex Bennée
2021-09-17 17:05 ` Warner Losh
2021-09-17 20:38 ` Philippe Mathieu-Daudé
2021-09-17 16:23 ` [PATCH v1 04/11] tests/docker: promote debian-riscv64-cross to a full image Alex Bennée
2021-09-17 16:23 ` [PATCH v1 05/11] gitlab: Add cross-riscv64-system, cross-riscv64-user Alex Bennée
2021-09-17 18:33 ` Philippe Mathieu-Daudé
2021-09-17 16:23 ` [PATCH v1 06/11] python: Update for pylint 2.10 Alex Bennée
2021-09-17 16:29 ` John Snow
2021-09-17 16:23 ` [PATCH v1 07/11] travis.yml: Remove the "Release tarball" job Alex Bennée
2021-09-17 16:23 ` [PATCH v1 08/11] gitlab: skip the check-patch job on the upstream repo Alex Bennée
2021-09-17 16:23 ` [PATCH v1 09/11] gitlab: fix passing of TEST_TARGETS env to cirrus Alex Bennée
2021-09-17 16:23 ` [PATCH v1 10/11] plugins/: Add missing functions to symbol list Alex Bennée
2021-09-17 16:23 ` Alex Bennée [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210917162332.3511179-12-alex.bennee@linaro.org \
--to=alex.bennee@linaro.org \
--cc=aurelien@aurel32.net \
--cc=berrange@redhat.com \
--cc=crosa@redhat.com \
--cc=f4bug@amsat.org \
--cc=fam@euphon.net \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).